membershipreboot

Cookies Set but not Sent in Subsequent Requests


I'm preparing a demo of MembershipReboot for my local user group. I'm experiencing a strange scenario whereby the 2 cookies:

  1. FedAuth; and
  2. FedAuth1

are being set in the headers of the Response. However, in subsequent Requests, they are not part of the headers. I confirmed this using Fiddler and it explains why User.Identity.IsAuthenticated is always false after successful logins.

Is there anything which may be leading to this weird scenario?

Cheers


Solution

  • I had a few subtle errors in my Web.config file.

    In the configSections element

    Instead of:

    <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
    

    I had:

    <section name="system.identitymodel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
    

    In the system.webServer > modules element

    Instead of:

    <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler"/>
    

    I had:

    <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
    

    For the system.identityModel.services element

    Instead of:

    <system.identityModel.services>
        <federationConfiguration>
          <cookieHandler requireSsl="false" persistentSessionLifetime="30:00:00"/>
        </federationConfiguration>
    </system.identityModel.services>    
    

    I had:

    <system.identitymodel.services>
        <federationconfiguration>
          <cookiehandler requiressl="false" persistentSessionLifetime="30:00:00" />
        </federationconfiguration>
    </system.identitymodel.services>
    

    This was tough to diagnose, so always be careful when configuring your application!

    MembershipReboot rocks!!!
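
A check for the casing mistakes described in the answer above, as an added example that is not part of the original post or of MembershipReboot. The function name `check_web_config` and the sample document are assumptions made for illustration; the expected names are taken from the working configuration in the answer.

```python
import xml.etree.ElementTree as ET

# Case-sensitive names taken from the working configuration in the answer.
EXPECTED_ELEMENTS = ["system.identityModel.services", "federationConfiguration", "cookieHandler"]
EXPECTED_ATTRS = ["requireSsl", "persistentSessionLifetime"]
EXPECTED_SECTION = "system.identityModel.services"

def _miscased(name, expected):
    """Return the correctly cased name if `name` differs from it only by case."""
    for good in expected:
        if name != good and name.lower() == good.lower():
            return good
    return None

def check_web_config(xml_text):
    """Return findings for element, attribute and section names wrong only in case."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        good = _miscased(elem.tag, EXPECTED_ELEMENTS)
        if good:
            findings.append(f"element <{elem.tag}> should be <{good}>")
        for attr in elem.attrib:
            good = _miscased(attr, EXPECTED_ATTRS)
            if good:
                findings.append(f"attribute {attr} on <{elem.tag}> should be {good}")
        # configSections entries carry the section name in an attribute value.
        if elem.tag == "section":
            name = elem.get("name", "")
            good = _miscased(name, [EXPECTED_SECTION])
            if good:
                findings.append(f"section name '{name}' should be '{good}'")
    return findings

# Constructed sample: the broken fragments from the answer wrapped in a
# <configuration> root; the type value is a placeholder, not the real one.
BROKEN = """<configuration>
  <configSections>
    <section name="system.identitymodel.services" type="placeholder" />
  </configSections>
  <system.identitymodel.services>
    <federationconfiguration>
      <cookiehandler requiressl="false" persistentSessionLifetime="30:00:00" />
    </federationconfiguration>
  </system.identitymodel.services>
</configuration>"""

if __name__ == "__main__":
    for finding in check_web_config(BROKEN):
        print(finding)
```
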